Skip to content

Hide Navigation Hide TOC

New Generic Credentials Added Via Cmdkey.EXE (b1ec66c6-f4d1-4b5c-96dd-af28ccae7727)

Detects usage of "cmdkey.exe" to add generic credentials. As an example, this can be used before connecting to an RDP session via command line interface.

Cluster A Galaxy A Cluster B Galaxy B Level
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern New Generic Credentials Added Via Cmdkey.EXE (b1ec66c6-f4d1-4b5c-96dd-af28ccae7727) Sigma-Rules 1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2